Cisco Security Manager related queries
In one of our projects, we are running CSM 3.2 on VMWare ESX 3.5.There is a project in place to have the ESX upgraded to 4.1
This looks like a challenge as CSM 3.2 is not supported on ESX 4.1. Cisco TAC has suggested to upgrade CSM to 4.2
Queries:
1. CSM 3.2 to 4.2, will it involve additional license cost?
2. If we upgrade CSM 3.2 to 4.2 and then upgrade ESX from 3.5 to 4.1, will it be back immediately without anything required to be done on CSM end, once VMWare is upgraded.
3. Is there any other preferred solution/workaround to manage the situation
4. If we have to move CSM from one ESX to another, what would be the steps involved to retain the same configuration and logs.
Regards,
Nitin
To migrate from 3.2 to 4.2, you will need to acquire a 4.2 license. The part number depends on how many devices your 3.2 installation is licensed for. Please refer to Table 2 on this announcement. You Cisco reseller or partner can provide you a quote but if you search the Internet for that part number you can see typical costs.
The procedure for upgrade would be to first move to an interim step of CSM 4.0 and then to 4.2. Please refer to this guide. Also see the section on that guide on moving to a new server for how to handle your ESX upgrade / migration.
Similar Messages
-
Import Network host objects to Cisco Security Manager
Is it possible to import complete lists of Network Hosts objects to Cisco Security Manager?
Exporting the hosts already defined in the ASAs is easy but how to import them in CSM??
ThanksNo hostnames discovered go the Policy Object Manager (nor to the Access rules), only group-names (there's a bug in ASAs related to single host names too). The way CSM handles single hosts is previously creating them, so when we later discover devices, the single hosts names set in the discovered device are not considered, only their IP addresses; then you can see that in the discovered access rules CSM shows the hostname as the previously defined ones in the Policy Object Manager. If you dont define those hostnames before the device discovery, you will only see IP addresses, no hostnames, no matter they are set in your firewalls.
Imagine discovering a couple FWSM modules with 500 access rules, and you only get to see the IP addresses of the 2,500 hosts on your network. And you have all those hosts already defined in your FWSM firewalls, when you log via ASDM you view your hard created rules with hostnames, and when you log to CSM you only view IP addresses. The clients get very disappointed with CSM after that, and discard it. The bigger the network, the faster they reject CSM.
The only way to add hosts in the Policy Object Manager is 1 by 1. But as this may have happened to more than one company and considering how easy it is to code a feature like that, I assume that it's possible to import a complete list of single hosts to CSM.
is that really possible? it should be.
thanks for the replies so far -
Cisco Security Manager evaluation
How to download CSM software for evaluation ? CSM Q&A state -
Anybody with a valid cisco.com account can download Cisco Security Manager and use the software for up to
90 days in evaluation mode. Visit http://www.cisco.com/go/csmanager and select the “Download Software”
But when I click "Download" I get "To Download this software, you must have a valid service contract associated to your Cisco.com user ID."
Help, plz.
BR, Oleg.You can contact your local AM to get an evaluations version, this is related to the new 'restricted' downloaded access on CCO. You need to have a service contract assocaited for that 'specific' product to download software (I know it does not make sense in case of an evaluation).
And you also have the following alternate:
Note:
This download does not include CiscoWorks Resource Manager Essentials (RME). For customers that wish to also evaluate CiscoWorks RME or that prefer a media format rather than a large download, an evaluation DVD can be ordered from Cisco Marketplace. At http://www.cisco.com/pcgi-bin/marketplace/welcome.pl, navigate to the Collateral and Subscriptions Store and search for part number EVAL-CSMGR-4.0.
Regards
Farrukh -
Audit Reports on Cisco Security Manager
Is there a way to schedule audit reports from Cisco Security Manager and distribute those reports via email or some other method?
My auditors want a daily report of firewall configuration changes. They do not want to login into CS-Mgr every day to manually generate the report.Security Audit operates in one of two modes-the Security Audit wizard, which lets you choose which potential security-related configuration changes to implement on your router, and One-Step Lockdown, which automatically makes all recommended security-related configuration changes.
On routers that do not support the command scheduler interval, Security Audit configures the scheduler allocate command whenever possible. When a router is fast-switching a large number of packets, it is possible for the router to spend so much time responding to interrupts from the network interfaces that no other work gets done. Some very fast packet floods can cause this condition. It may stop administrative access to the router, which is very dangerous when the device is under attack. The scheduler allocate command guarantees a percentage of the router CPU processes for activities other than network switching, such as management processes.
The configuration that will be delivered to the router to set the scheduler allocate percentage is as follows:
scheduler allocate 4000 1000 -
FlexConfigs in Cisco Security Manager 3.2.1 SP1
Hi,
I have a problem with Cisco Security Manager 3.2.1 SP1 (fresh intall).
When I create a FlexConfig with any IP AUDIT commands or VPDN (for PPPoE config) every time I deploy the configurations in file the flexconfig is repeated in the configuration. The behavior is the same on PIX and ASA configuration.
If I deploy 20 times my devices than I'll have 20 times the same line in the configuration !
Any way to solve that problem in CSM??
The server is Win 2003 Standard English and there's absolutely nothing else than CSM installed on it...so??Hello,
I'm having the same problem for one of our customers! but flexconfig didn't work!
Can you please be more specific what exactly you did! Flex config doens't remove generated command it's adding the no crypto ca enroll 'trustpoint name' after the generated crypto ca enroll 'trustpoint name'
I've been also looking for related bugs but didn't find any!
Regards -
Cisco Security Manager 3.2.1 Sp1 and Public Key Infrastructure
Hi, all!
Recently I created configuration on PIX (FOS 7.2.4) with Cisco Security Manager 3.2.1 Sp1 to allow to work with certificate-based authentication of VPN connections. CSM created necessary commands (and unfortunately many necessary commands left unsupported too). But every time I upload new configuration (even with untouched PKI configuration) CSM adds following command - "crypto ca enroll CA-NAME noconfirm".
Right now I created FlexConfig which just do "no crypto ca....". And it works. But is there more clean solution? Why do I need to enroll every deployment?
Wait for answers.
With best regards
MaximHello,
I'm having the same problem for one of our customers! but flexconfig didn't work!
Can you please be more specific what exactly you did! Flex config doens't remove generated command it's adding the no crypto ca enroll 'trustpoint name' after the generated crypto ca enroll 'trustpoint name'
I've been also looking for related bugs but didn't find any!
Regards -
Install Cisco Security Manager 4.7 on Hyper-V
Hello,
Our customer want to install Cisco Security Manager on a Virtual Machine virtualized with Hyper-V. Documentation only mentions install the software on a Virtual Machine on Vmware systems.
Can we install without problems, and the installation will be supported on TAC if we need open a support case?
Best Regards,
DavidWhile it should work (since CSM is basically an application running on a Windows server), it is not a system that meets the requirements of the Installation Guide.
So... if the TAC found an issue related to that setup when you needed their help, they'd be within their rights to say your installation is unsupported. -
Cisco Security Manager IOPS for Storage (VM Deployent)
Hi,
I've been asked by a client about the Cisco Security Manager requirement to have 1TB of storage for events and another for archiving.
They wish to know the IOPS requirement for this storage. Please could anyone assist in this ?
Many thanks,
MarkHi,
I'm not sure that I can really help you, but I can verify that on my CSM 4.5 server which is running normally, that service has a starup type of automatic and is in the "Started" state.
You may want to check your system and application event logs to see if there are any messages that could explain why it stopped.
Regards,
Matt -
Unable to Install Cisco Security Manager
Hi,
I facing issue when trying to install Cisco Security Manager in my Windows Server 2008.
I had attach the print screen of my server version and error message.
The error message had mention that it was due to unsupport OS or terminal service.
But, i check and it show that my Window Server was the recommend version and no terminal service been enable.Hi Vincent,
Please understand that Window Server 2008 R2 Enterprise Server is not same as Windows Server 2008 Enterprise Server. I had faced the same problem earlier. The R2 version is supported only CSM 4.1 onwards.
Regards,
Chetan -
Cisco security Manager Backup error
i am getting the below error after the backup in Cisco Security Manager 3.2
[Sun Dec 20 00:00:05 2009] ERROR(313): D:/backup.LOCK file exists
Most probably another backup process is running
[Sun Dec 20 00:00:05 2009] Backup failed: 2009/12/20 00:00:05
i have deleted the backup.LOCK file and tried it is giving the same error.
any one help me in this.
thanks in advance.Update:
WHen performing the same action through the client interface, rather than from the server interface the backup has appeared to work.
Is this a feature?
Needless to say I was able to run a backup.
Steve -
Cisco Security Manager Local RBAC Authentication Radius assign user role
Is it possible to use Cisco Security Manager with local RBAC, authenticate the user to Radius and retrieve it's role from Radius. Getting the authentication to work isn't the problem, but is it also possible to return the role the user has (i.e. Super Admin) via Radius, without having to create all the users one-by-one in the local CSM database with the correct role.
Can i use a certain Cisco-AV-Pair attribute to return the user role via Radius?I just got asked to look at the same situation by one of our security people.
We have exactly the same problem but it reports a username of "*****" and we are running CSM 4.7 (upgraded last week) -
Cisco Security Manager logging
Hello Experts,
Can anyone help me, how can i configure CSM 4.0 to capture its logs.
I want to read logs of Cisco Security Manager itself, so how can i do that & in which location it captures it log file.There are multiple server logs (47 of them on my CSM 4.4 setup) all stored on the server itself and accessible from Windows Explorer.
You will need to RDP to the server and look at the log directory under the path where you installed CSM. -
Cisco Security Manager (CSM) License Problem
Hi All,
We have CSM V3.2 with Professional license edition and support 50 devices. It's installed properly in the Cisco Security Manager client as appeared in the attachement but the problem is in the server administration- license management which doesn't include any records for license (see attachment).
I tried to upload the .lic file by clicking the Update button in server administration but an error message appeared stated that the license file is corrupted although it's installed properly in CSM client!!!
Could you please advise what's the problem and what should I do?
Thanks in Advance!Sorry but Cisco seems to have removed that product bulletin from cisco.com.
Your reseller can use Cisco Commerce Workspace (CCW) to order the correct part number for your CSM installation. There is a unique number for each licensing level and/or upgrade.
For instance, for a 10-device standard license, the support would be part number CON-SAS-CSMST10K.
For the 100-device Pro license, the support would be CON-SAS-CSMPR4K9.
The reseller needs to adjust the support term (12-60 months) to suit when ordering. -
Cisco Security Manager, need global search, i.e. filters are not good at all
Does anybody know how to work effectively with security manager and filtering?
It is extremely time consuming and frustrating to work with Cisco Security Manager in regards to search for entries or filter. I have not been able to find some kind of global search, is there?
How do other people cope with this?It appears to have been a temporary issue as the backup is running fine again now... closing the thread.
-
Catalyst 3750x and 4510R and Cisco Security Manager
Hi,
I just downloaded and install trial (evaluation) version of Cisco Security Manager 4.3. In supported devices list I saw Cisco Catalyst 3750 and 4510R but when I try to add it I got for 3750:
Invalid device: Device is a switch and cannot be mapped to a Generic Router model.
Please verify the selected device type, OS version and device configuration
For 4510R:
Invalid device: Version 03.03.00.SG (N/A) is not supported for the device type of Cisco Catalyst 4510R Switch Please verify the selected device type, OS version and device configuration
We need to make a purchase decision but for it we need to import all of our devices and perform some tests.
Thanks in advance for your replies!
BR, Vasily.I figured this out on my own -- change Compatibility mode of the installer to be Windows 8 (which is same OS version as Windows 2012) and it installs just fine.
Maybe you are looking for
-
Missing message in JMS adapter sender
Hi, we have a synchronous interface with a JMS adapter. The scenario is: ECC 5.0 -> XI -> MQSeries -> XI -> ECC 5.0 We put the message in the queue MQ correctly and we get the response message. I can see this in the adapter monitoring in RuntimeWorkb
-
How to safely unmount a drive from Air?
Hello, Now that it is possible from Air2 beta2 to detect mount/unmount of drive, I wanted to know if it was possible to unmout propertly the drive that has been mounted. I'm developping a fullscreen Kiosk, where the user can plug his USB key to downl
-
Tooltip for IR report header column
Hello Everyone, I need help in setting up a tooltip for report hearder in interactive reports. I tried the following methods: 1) By assigning a div title for column Deptno(This code is taken from the html source of IR report column): <th id="DEPTNO"
-
Share Data Source between multiple report projects in Microsoft SQL Server 2012 Reporting Services
I have a reports solution in 2012 which contains multiple report projects one each for target deployment folder and we use TFS 2012 for report deployment. We have a template project which has a bunch of template reports and all the datasources used i
-
hi everyone,I have an Ipod 5 and its not sliding.it was working perfectly fine till last night.It was charging and i was texting,so then my mom called me then when i came back its stop sliding(i cant get in)HELP!!!